Advisories
Amazon Braket SDK is an open-source Python library for interacting with the Amazon Braket quantum computing service, including managing hybrid quantum jobs and retrieving job results. We identified CVE-2026-9291, an insecure deserialization issue (CWE-502) in the job results processing component. The SDK's deserialize_values() function trusts the dataFormat field from an untrusted JSON file to control whether pickle.loads() is called on the data payload. A remote authenticated user with S3 write access to the job output bucket can modify the dataFormat field in results.json from PLAINTEXT to pickled_v4 and replace data values with executable payloads, achieving arbitrary code execution on any machine that processes job results.
Impacted versions: >= 1.10.0 and < 1.117.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
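The pattern behind this bulletin, as an added example that is not the Braket SDK's code: a loader whose file-supplied dataFormat field decides whether pickle.loads runs, next to a loader that only accepts a client-side allowlist of formats. The field names, the base64 encoding of pickled values and the sample documents are constructed for illustration; the unpickled payload only appends to a list so the effect is observable without doing anything harmful.

```python
import base64
import json
import pickle

# Records what an unpickled payload did, so the effect is observable
# without doing anything destructive.
SIDE_EFFECTS = []


def _record(marker):
    SIDE_EFFECTS.append(marker)
    return marker


class _AttackerPayload:
    """Stand-in for a malicious pickle: unpickling calls __reduce__'s target."""

    def __reduce__(self):
        return (_record, ("payload-ran",))


# Constructed sample documents in a results.json-like shape (hypothetical
# field layout, not the SDK's actual schema).
BENIGN_RESULTS = json.dumps({
    "dataFormat": "PLAINTEXT",
    "dataDictionary": {"counts": {"00": 512, "11": 488}},
})

# The same document after someone with write access to the output bucket
# flips dataFormat and swaps the value for a base64-encoded pickle.
TAMPERED_RESULTS = json.dumps({
    "dataFormat": "pickled_v4",
    "dataDictionary": {
        "counts": base64.b64encode(pickle.dumps(_AttackerPayload())).decode(),
    },
})


def load_results_unsafe(document):
    """Vulnerable pattern: the file's own dataFormat field decides whether
    pickle.loads runs on bytes the file's author controls."""
    doc = json.loads(document)
    values = doc["dataDictionary"]
    if doc["dataFormat"] == "PLAINTEXT":
        return values
    if doc["dataFormat"].startswith("pickled"):
        return {k: pickle.loads(base64.b64decode(v)) for k, v in values.items()}
    raise ValueError(f"unsupported dataFormat {doc['dataFormat']!r}")


def load_results_hardened(document, allowed_formats=frozenset({"PLAINTEXT"})):
    """Hardened pattern: only formats on a client-side allowlist are
    accepted, pickle is never on that list, and the payload is checked
    to be plain JSON data before it is returned."""
    doc = json.loads(document)
    fmt = doc.get("dataFormat")
    if fmt not in allowed_formats:
        raise ValueError(f"refusing to deserialize dataFormat {fmt!r}")
    values = doc.get("dataDictionary")
    if not isinstance(values, dict):
        raise ValueError("dataDictionary must be a JSON object")
    return values


if __name__ == "__main__":
    print("hardened, benign:", load_results_hardened(BENIGN_RESULTS))
    print("unsafe, tampered:", load_results_unsafe(TAMPERED_RESULTS))
    print("side effects observed:", SIDE_EFFECTS)
```

The allowlist lives in the client, not in the file: nothing the bucket contents say can add a format to it, which is the property the vulnerable loader lacks.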
Kiro CLI is a command-line AI coding assistant that enables developers to interact with AI models to execute code, manage files, and run shell commands. We identified CVE-2026-9255, an issue where missing input source validation in the tool authorization prompt could allow a local actor to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin.
Impacted versions: kiro-cli prior to 1.28.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
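The class of mistake in this bulletin, as an added example (not Kiro CLI's code, and not its actual fix): an approval prompt that reads its answer from the same stdin that carries piped content, next to one that takes the answer only from the controlling terminal and denies when there is none. The function names, the ScriptedTTY stand-in and the sample piped input are constructed for illustration.

```python
import io

# Constructed stdin an attacker could pipe into a CLI: a harmless-looking
# request followed by a line that happens to answer the approval prompt.
PIPED_INPUT = "please tidy up this directory\ny\n"


def demo_piped_stdin():
    """A fresh in-memory stream carrying the constructed piped input."""
    return io.StringIO(PIPED_INPUT)


def approve_via_stdin(tool_call, stdin):
    """Vulnerable pattern (hypothetical): the approval answer is read from
    the same stream that carries untrusted, possibly piped, content, so
    whoever controls stdin controls the answer."""
    stdin.readline()  # the request the assistant is acting on
    answer = stdin.readline().strip().lower()
    return answer in ("y", "yes")


def _open_controlling_tty():
    # Opened fresh each time; raises OSError when there is no terminal
    # (cron, CI, a subprocess with stdin redirected, ...).
    return open("/dev/tty", "r+")


def approve_via_tty(tool_call, open_tty=_open_controlling_tty):
    """Hardened pattern: the answer must come from the controlling terminal.
    Without a terminal the call is denied rather than falling back to stdin."""
    try:
        tty = open_tty()
    except OSError:
        return False
    with tty:
        tty.write(f"Allow tool call {tool_call!r}? [y/N] ")
        tty.flush()
        answer = tty.readline().strip().lower()
    return answer in ("y", "yes")


class ScriptedTTY:
    """Constructed stand-in for /dev/tty so the hardened path can be
    exercised without a real terminal."""

    def __init__(self, answer):
        self._answer = answer
        self.prompts = []

    def write(self, text):
        self.prompts.append(text)

    def flush(self):
        pass

    def readline(self):
        return self._answer

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def no_tty():
    """Simulates running with no controlling terminal."""
    raise OSError("no controlling terminal")


if __name__ == "__main__":
    call = "rm -rf build/"
    print("stdin-sourced, piped 'y':", approve_via_stdin(call, demo_piped_stdin()))
    print("tty-sourced, no terminal:", approve_via_tty(call, open_tty=no_tty))
    print("tty-sourced, user typed 'n':",
          approve_via_tty(call, open_tty=lambda: ScriptedTTY("n\n")))
```

The hardened version fails closed: a tool call that cannot be confirmed by a person at a terminal is refused, and content arriving on stdin can never stand in for that confirmation.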
rabbitmq-aws is a RabbitMQ plugin that resolves AWS ARNs in broker configuration at startup, fetching secrets (e.g., TLS certificates, private keys, passwords) from AWS services (Secrets Manager, S3, ACM Private CA) and passing them in-memory to RabbitMQ. We identified CVE-2026-9133, an active debug code issue in the plugin's ARN resolver. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. The debug code was inadvertently shipped in production builds with no mechanism to disable it.
Impacted versions: >= 0.1.0 and <= 0.2.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
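An ARN validator that would have refused the debug scheme, as an added example (not the rabbitmq-aws plugin's code, and not a description of its fix). It parses the documented general ARN layout, arn:partition:service:region:account-id:resource, and rejects any partition or service outside an explicit allowlist; the partition and service lists, the S3 special case and the sample ARNs are assumptions made for illustration.

```python
from dataclasses import dataclass

# Partitions the resolver is willing to talk to. An allowlist is the point:
# a syntactic check such as "starts with aws" would have let aws-debug through.
ALLOWED_PARTITIONS = frozenset({"aws", "aws-cn", "aws-us-gov"})

# Services a secrets resolver of this kind would fetch from (assumed set).
ALLOWED_SERVICES = frozenset({"secretsmanager", "s3", "acm-pca"})

# Services whose ARNs legitimately carry an empty region and account
# (S3 bucket/object ARNs look like arn:aws:s3:::bucket/key).
GLOBAL_SERVICES = frozenset({"s3"})


@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str
    account: str
    resource: str


def parse_arn(text):
    """Parse arn:partition:service:region:account:resource and reject
    anything outside the allowlists. Raises ValueError with the reason."""
    if not isinstance(text, str):
        raise ValueError("ARN must be a string")
    parts = text.split(":", 5)  # the resource part may itself contain ':'
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("not an ARN")
    _, partition, service, region, account, resource = parts
    if partition not in ALLOWED_PARTITIONS:
        raise ValueError(f"partition {partition!r} is not allowed")
    if service not in ALLOWED_SERVICES:
        raise ValueError(f"service {service!r} is not resolvable")
    if service not in GLOBAL_SERVICES:
        if not region or len(account) != 12 or not account.isdigit():
            raise ValueError("region and 12-digit account ID are required")
    if not resource:
        raise ValueError("empty resource")
    return Arn(partition, service, region, account, resource)


def validate_arn(text):
    """Shape of a validation endpoint: report (ok, reason) without
    resolving or touching anything."""
    try:
        arn = parse_arn(text)
    except ValueError as exc:
        return False, str(exc)
    return True, f"{arn.service} ARN in partition {arn.partition}"


if __name__ == "__main__":
    # Constructed sample inputs; 123456789012 is the usual placeholder account.
    for candidate in (
        "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/tls-key-AbCdEf",
        "arn:aws:s3:::broker-secrets/tls/key.pem",
        "arn:aws-debug:file:::/etc/rabbitmq/rabbitmq.conf",
        "/etc/passwd",
    ):
        print(candidate, "->", validate_arn(candidate))
```

A validation endpoint that shares this parser with the resolver cannot accept a scheme the resolver would refuse, and a debug scheme can only exist if someone adds it to the allowlist in a production build.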
amazon-redshift-python-driver is the official Python connector for Amazon Redshift. We identified a code injection issue in versions 2.1.13 and earlier that could allow a rogue server or man-in-the-middle to execute arbitrary code on the client.
Impacted versions: <= 2.1.13
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.